Indian law enforcement has revealed details of a high-profile hacking attack on the cryptocurrency exchange CoinDCX, which resulted in the loss of crypto assets amounting to approximately $44 million. The investigation established that the breach was made possible by malware installed by hackers on the corporate laptop of one of the company’s employees.
This is reported by Finway.
Crime Scheme and the Role of the CoinDCX Employee
According to the investigation’s findings, the perpetrators targeted CoinDCX employee Rahul Agarwal, who had three years of experience with the company, and offered him a side job. Initially, he performed simple online tasks, such as writing reviews, using his personal computer. Over time, as the tasks became more complex, he switched to the company laptop, which allowed hackers to install malware on the corporate device.
Through this software, the criminals gained access to CoinDCX’s operational wallet and transferred cryptocurrency to six external wallets. An internal investigation by the company revealed that the employee received over $17,000 for completing “freelance tasks,” which he explained as payment for additional work.
“Agarwal had no idea he had become a tool in the hands of hackers. The realization came too late.”
Investigation Challenges and CoinDCX’s Response
The investigation is complicated by the lack of clear regulation of the cryptocurrency market in India. Officials emphasize that tracking the movement of funds on the blockchain is significantly more challenging than tracing traditional banking transactions, especially if cryptocurrency wallets are registered outside the country. Additionally, exchanges may refuse to cooperate with the police, making it considerably harder to recover stolen funds.
Following the incident, CoinDCX co-founder Nirej Khandelwal announced the launch of a reward program for the return of stolen assets. Anyone who helps recover the funds is promised 25% of the recovered amount, a reward that could reach $11 million.
Bengaluru law enforcement has registered a criminal case on charges of theft, fraud, and breach of trust under the IT Act and the Indian Penal Code.
It is worth noting that CoinDCX CEO Sumit Gupta has denied rumors of the company’s sale to the American crypto platform Coinbase for nearly $1 billion.
The situation with CoinDCX once again highlights the vulnerability of cryptocurrency exchanges to internal risks and the necessity of enhancing cybersecurity in the evolving landscape of digital finance.